Researchers in Mason’s Center for Secure Information Systems (CSIS) in the Volgenau School of Information Technology and Engineering have developed new software that can reduce the impact of cyber attacks by identifying the possible vulnerability paths through an organization’s networks.

By their very nature, networks are highly interdependent, and each machine’s overall susceptibility to attack depends on the vulnerabilities of the other machines in the network.

Attackers can take advantage of multiple vulnerabilities in unexpected ways, allowing them to incrementally penetrate a network and compromise critical systems. To protect an organization’s networks, it is necessary to understand not only individual system vulnerabilities, but also their interdependencies.

“Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which requires a great deal of expertise and is error prone because of the complexity, volume and frequent changes in security data and network configurations,” says Sushil Jajodia, University Professor and director of CSIS.

“This new software is an automated tool that can analyze and visualize vulnerabilities and attack paths, encouraging ‘what-if analysis.’”

The software developed at Mason, called CAULDRON (short for Combinatorial Analysis Utilizing Logical Dependencies Residing on Networks), can transform raw security data into roadmaps that allow users to proactively prepare for attacks, manage vulnerability risks and have real-time situational awareness.

By providing an informed risk analysis and analyzing vulnerability dependencies, CAULDRON shows all possible attack paths into a network. These are then organized into an attack graph that conveys the impact of combined vulnerabilities on overall security.

To manage attack graph complexity, CAULDRON includes hierarchical graph visualizations with high-level overviews and detailed drilldown, allowing users to navigate into a selected part of the big picture to get more information.

The Federal Aviation Administration is currently using the software in their Cyber Security Incident Response Center.

While it is currently being used by the FAA and defense community, Jajodia says that the software is applicable in almost any industry or organization with a network and resources they want to keep protected, such as banking or education.

Funding for this software development was provided by Mason, the defense, homeland security and intelligence communities and the FAA. CSIS researchers involved in the software development include Jajodia, associate director Steven Noel, and senior research scientist Pramod Kalapa.

Five patents are currently pending on the CAULDRON software.

The CAULDRON software is able to provide a big-picture analysis that displays possible attack paths based on a specific intrusion location.Image Courtesy of CSIS